H3C S5500-EI series Operation Manual page 1482

Operation Manual – SSL-HTTPS
H3C S5500-EI Series Ethernet Switches
II. Network diagram
Vlan-int2
10.1.1.1/24
10.1.1.2/24
Host
Figure 1-2 Network diagram for SSL server policy configuration
III. Configuration procedure
1) Request a certificate for the switch
# Create a PKI entity named en and configure it.
<Sysname> system-view
[Sysname] pki entity en
[Sysname-pki-entity-en] common-name http-server1
[Sysname-pki-entity-en] fqdn ssl.security.com
[Sysname-pki-entity-en] quit
# Create a PKI domain and configure it.
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier ca1
[Sysname-pki-domain-1]
http://10.1.2.2/certsrv/mscep/mscep.dll
[Sysname-pki-domain-1] certificate request from ra
[Sysname-pki-domain-1] certificate request entity en
[Sysname-pki-domain-1] quit
# Create a local key pair through RSA.
[Sysname] public-key local create rsa
# Retrieve the CA certificate.
[Sysname] pki retrieval-certificate ca domain 1
# Request a local certificate.
[Sysname] pki request-certificate domain 1
2) Configure an SSL server policy
# Create an SSL server policy named myssl.
[Sysname] ssl server-policy myssl
# Specify the PKI domain for the SSL server policy as 1.
[Sysname-ssl-server-policy-myssl] pki-domain 1
Switch
Vlan-int3
10.1.2.1/24
10.1.2.2/24
CA
1-4
certificate
Chapter 1 SSL Configuration
request url